package com.happyfamily.springboot.crowdsourcingplatform.security;

import com.google.code.kaptcha.impl.DefaultKaptcha;
import com.google.code.kaptcha.util.Config;
import com.happyfamily.springboot.crowdsourcingplatform.security.authentication.*;
import com.happyfamily.springboot.crowdsourcingplatform.verificationcode.CaptchaException;
import com.happyfamily.springboot.crowdsourcingplatform.verificationcode.LoginAuthenticationFailureHandler;
import com.happyfamily.springboot.crowdsourcingplatform.verificationcode.LoginAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;


import com.google.code.kaptcha.impl.DefaultKaptcha;
import com.google.code.kaptcha.util.Config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.*;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.*;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import java.util.HashMap;
import java.util.Map;
import java.util.Properties;








import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

/**
 * @Author Administrator
 * @create 2020/02/16 17:18
 */
@EnableWebSecurity
@Configuration
public class SpringSecurityConfig
{


	/**
	 * 管理端安全框架
	 */
	@Configuration
	@Order(2)
	public static class BackConfigurationAdapter extends WebSecurityConfigurerAdapter{

		@Autowired
		private UserDetailsService userDetailsService;

		@Autowired
		private MyAuthenticationSuccessHandler myAuthenticationSuccessHandler;

		@Autowired
		private MyAuthenctiationFailureHandler myAuthenctiationFailureHandler;

		@Autowired
		private RestAuthenticationAccessDeniedHandler restAuthenticationAccessDeniedHandler;

		@Autowired
		private MyLogoutSuccessHandler myLogoutSuccessHandler;

		@Autowired
		private MySessionExpiredStrategy sessionExpiredStrategy;


		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception
		{
			auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
		}




		@Override
		protected void configure(HttpSecurity http) throws Exception
		{
			http.csrf().disable();
			http
					.antMatcher("/api-back/**")
					.authorizeRequests()//启用基于 HttpServletRequest 的访问限制，开始配置哪些URL需要被保护、哪些不需要被保护
					.antMatchers().permitAll()//未登陆用户允许的请求
					.anyRequest()
					.authenticated();



			//解决X-Frame-Options DENY问题
			http.headers().frameOptions().sameOrigin();
			http.formLogin()
					.loginPage("/404.html")//登陆界面页面跳转URL
					.loginProcessingUrl("/api-back/login")//登陆界面发起登陆请求的URL
					.successHandler(myAuthenticationSuccessHandler)
					.failureHandler(myAuthenctiationFailureHandler)
			.and()
					.logout()
					.logoutSuccessUrl("/logout")
					.permitAll()
					.invalidateHttpSession(true).
					 deleteCookies("JSESSIONID")
//					.logoutSuccessHandler(myLogoutSuccessHandler)
//					.and()
//					.sessionManagement()//添加session管理器
//					.invalidSessionUrl("/session/invalid") // Session失效后跳转到这个链接
//					.maximumSessions(1)//最大Session并发数量为1个
//					.maxSessionsPreventsLogin(true)//当Session达到最大有效数的时候，不再允许相同的账户登录
//					.expiredSessionStrategy(sessionExpiredStrategy)
			;

			//异常处理
			http.exceptionHandling().accessDeniedHandler(restAuthenticationAccessDeniedHandler);

		}

		/**
		 * 处理密码加密解密逻辑
		 * @return
		 */
		@Bean
		public PasswordEncoder passwordEncoder() {
			return new BCryptPasswordEncoder();
		}










	}





}
